mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Commit Graph

1043 Commits

Author SHA1 Message Date
Nick Wellnhofer
821a037038 parser: Fix memory leak in xmlLoadEntityContent
Found by OSS-Fuzz.
2023-10-09 15:20:00 +02:00
Nick Wellnhofer
4fc5340ec5 parser: Also grow comment buffer if SAX is disabled
Fix short-lived regression from 8afd321a, found by OSS-Fuzz.
2023-10-08 14:26:35 +02:00
Nick Wellnhofer
36374bc9fc parser: Fix error handling in xmlLoadEntityContent
Backup more members of context struct. Fix small accounting error.
2023-10-08 14:08:44 +02:00
Nick Wellnhofer
b76d81dab3 parser: Fix regression when push parsing parameter entities
Short-lived regression from 834b8123.

Also shrink parameter entity buffers when push parsing.
2023-10-06 13:11:19 +02:00
Nick Wellnhofer
134d2ad890 parser: Protect against quadratic default attribute expansion 2023-10-06 12:47:24 +02:00
Nick Wellnhofer
7615fae62e parser: Make XML_PARSE_NSCLEAN option work again 2023-10-06 12:28:59 +02:00
Nick Wellnhofer
0ba22c0513 parser: Support encoded external PEs in entity values
Corner case which was never supported.
2023-10-06 12:28:59 +02:00
Nick Wellnhofer
8afd321abd parser: Missing checks for disableSAX 2023-10-06 12:28:59 +02:00
Nick Wellnhofer
97e99f4112 parser: Acknowledge that entities with namespaces are broken
Entities which reference out-of-scope namespaces have always been broken.
xmlParseBalancedChunkMemoryInternal tried to reuse the namespaces
currently in scope but these namespaces were ignored by the SAX handler.
Besides, there could be different namespaces in scope when expanding the
entity again. For example:

    <!DOCTYPE doc [
      <!ENTITY ent "<ns:elem/>">
    ]>
    <doc>
      <decl1 xmlns:ns="urn:ns1">
        &ent;
      </decl1>
      <decl2 xmlns:ns="urn:ns2">
        &ent;
      </decl2>
    </doc>

Add some comments outlining possible solutions to this problem.

For now, we stop copying namespaces to the temporary parser context
in xmlParseBalancedChunkMemoryInternal. This has never really worked
and the recent changes contained a partial fix which uncovered other
problems like a use-after-free with the XML Reader interface, found
by OSS-Fuzz.
2023-10-05 17:41:46 +02:00
Nick Wellnhofer
eb69c1d39d parser: Fix initialization of namespace data
Move initialization to xmlInitSAXParserCtxt. Also add missing XML_HIDDEN
to xmlParserNsFree.

Fixes #597.
2023-10-02 12:33:29 +02:00
Nick Wellnhofer
fc49679316 parser: Fix error handling in xmlParseQNameHashed
Short-lived regression found by OSS-Fuzz.
2023-10-02 12:05:36 +02:00
Nick Wellnhofer
6dd87f5eef malloc-fail: Fix memory leak in xmlParseBalancedChunkMemoryInternal
Short-lived regression found by OSS-Fuzz.
2023-09-30 17:11:25 +02:00
Nick Wellnhofer
e0dd330b8f parser: Use hash tables to avoid quadratic behavior
Use a hash table to lookup namespaces by prefix. The hash table stores
an index into the namespace table. Auxiliary data for namespaces is
stored in a separate array along the main namespace table.

Use a hash table to verify attribute uniqueness. The hash table stores
an index into the attribute table.

Reuse hash value from the dictionary to avoid computing them twice.

See #346.
2023-09-29 12:43:22 +02:00
Nick Wellnhofer
a873191cd2 parser: Introduce xmlParseQNameHashed 2023-09-29 12:43:08 +02:00
Nick Wellnhofer
8c084ebdc7 doc: Make apibuild.py happy 2023-09-21 22:57:33 +02:00
Nick Wellnhofer
11a1839ddd globals: Move remaining globals back to correct header files
This undoes a lot of damage.
2023-09-20 22:06:49 +02:00
Nick Wellnhofer
a77f9ab84c globals: Don't include SAX2.h from globals.h 2023-09-20 22:06:49 +02:00
Nick Wellnhofer
2e6c49a74d globals: Don't store xmlParserVersion in global state
This is a constant.
2023-09-20 22:06:49 +02:00
Nick Wellnhofer
a07ec7c1a7 threads: Move library initialization code to threads.c
This makes it possible to consolidate the initialization code, since the
global init lock was already implemented in threads.c.
2023-09-19 17:35:12 +02:00
Nick Wellnhofer
4e1c13ebfd debug: Remove debugging code
This is barely useful these days and only clutters the code base.
2023-09-19 17:35:09 +02:00
Nick Wellnhofer
c19771c1f1 globals: Move code from threads.c to globals.c
Move all code that handles globals to the place where it belongs.
2023-09-19 17:34:38 +02:00
Nick Wellnhofer
d7cfe35650 parser: Avoid undefined behavior in xmlParseStartTag2
Instead of using arithmetic on dangling pointers, store ptrdiff_t values
in void pointers which is at least implementation-defined.
2023-09-14 20:52:24 +02:00
Nick Wellnhofer
57cfd221a6 dict: Use xoroshiro64** as PRNG
Stop using rand_r. This enables hash randomization on all platforms.
2023-09-01 14:52:04 +02:00
Nick Wellnhofer
53050b1dd8 parser: More fixes to push parser error handling 2023-08-29 20:06:43 +02:00
Nick Wellnhofer
bbd918b2e7 parser: Fix detection of null bytes
Also suppress misleading extra errors.

Fixes #122.
2023-08-29 18:43:10 +02:00
Nick Wellnhofer
c6083a32d6 parser: Improve error handling in push parser
- Report errors earlier
- Align error messages with pull parser
2023-08-29 18:41:05 +02:00
Nick Wellnhofer
1edae30f82 parser: Don't check inputNr in xmlParseTryOrFinish
There's no apparent reason for this check. inputNr should always be 1
here.
2023-08-29 18:17:14 +02:00
Nick Wellnhofer
e48f2695fe parser: Remove push parser debugging code 2023-08-29 18:17:09 +02:00
Nick Wellnhofer
ed3bd05284 parser: Allow to set maximum amplification factor 2023-08-20 20:49:16 +02:00
Nick Wellnhofer
855818bd2b parser: Check for truncated multi-byte sequences
When decoding input data, check whether the "raw" buffer is empty after
parsing the document. Otherwise, the input ends with a truncated
multi-byte sequence which shouldn't be silently ignored.
2023-08-08 15:21:37 +02:00
Nick Wellnhofer
95e81a360c parser: Decode all data in xmlCharEncInput
Even with flush set to true, xmlCharEncInput didn't guarantee to decode
all data. This complicated the push parser.

Remove the flush flag and always decode all available data.

Also fix ICU code where the flush flag has a different meaning. Always
set flush to false and retry even with empty input buffers.
2023-08-08 15:21:31 +02:00
Nick Wellnhofer
834b8123ef parser: Stream data when reading from memory
Don't create a copy of the whole input buffer. Read the data chunk by
chunk to save memory.

Historically, it was probably envisioned to read data from memory
without additional copying. This doesn't work reliably with the current
design of the XML parser which requires a terminating null byte at the
end of input buffers. This led to xmlReadMemory interfaces, which
expect pointer and size arguments, being changed to make a
zero-terminated copy of the input buffer. Interfaces based on
xmlReadDoc, which actually expect a zero-terminated string and
would make zero-copy operation work, were then simplified to rely on
xmlReadMemory, resulting in an unnecessary copy.

To avoid copying (possibly gigabytes) of memory temporarily, we now
stream in-memory input just like content read from files in a
chunk-by-chunk fashion (using a somewhat outdated INPUT_CHUNK size of
250 bytes). As a side effect, we also avoid another copy of the whole
input when handling non-UTF-8 data which was made possible by some
earlier commits.

Interfaces expecting zero-terminated strings now make use of strnlen
which unfortunately isn't part of the standard C library and only
mandated since POSIX 2008.
2023-08-08 15:21:28 +02:00
Nick Wellnhofer
5aff27ae78 parser: Optimize xmlLoadEntityContent
Load entity content via xmlParserInputBufferGrow, avoiding a copy.

This also fixes an entity size accounting error.
2023-08-08 15:21:25 +02:00
Nick Wellnhofer
facc2a06da parser: Don't overwrite EOF parser state 2023-08-08 15:21:21 +02:00
Nick Wellnhofer
59fa0bb383 parser: Simplify input pointer updates
The base member always points to the beginning of the buffer.
2023-08-08 15:21:14 +02:00
Nick Wellnhofer
c88ab7e329 parser: Don't reinitialize parser input members
The parser input struct should already be initialized.
2023-08-08 15:19:54 +02:00
Nick Wellnhofer
ec7be50662 parser: Rework encoding detection
Introduce XML_INPUT_HAS_ENCODING flag for xmlParserInput which is set
when xmlSwitchEncoding is called. The parser can use the flag to
reliably detect whether an encoding was already set via user override,
BOM or other auto-detection. In this case, the encoding declaration
won't be used to switch the encoding.

Before, an inscrutable mix of ctxt->charset, ctxt->input->encoding
and ctxt->input->buf->encoder was used.

Introduce private helper functions to switch encodings used by both the
XML and HTML parser:

- xmlDetectEncoding which skips over the BOM, allowing the removal of the
  BOM checks from other encoding functions.
- xmlSetDeclaredEncoding, replacing htmlCheckEncodingDirect, which warns
  about encoding mismatches.

If users override the encoding, store the declared instead of the actual
encoding in xmlDoc. In this case, the actual encoding is known and the
raw value from the doc is more useful.

Also use the input flags to store the ISO-8859-1 fallback state.
Restrict the fallback to cases where no encoding was specified. (The
fallback is only useful in recovery mode and these days broken UTF-8 is
probably more likely than ISO-8859-1, so it might eventually be removed
completely.)

The 'charset' member of xmlParserCtxt is now unused. The 'encoding'
member of xmlParserInput is now unused.

The 'standalone' member of xmlParserInput is renamed to 'flags'.

A new parser state XML_PARSER_XML_DECL is added for the push parser.
2023-08-08 15:19:46 +02:00
Nick Wellnhofer
d38e73f91e parser: Always create UTF-8 in xmlParseReference
It seems that this code path could only be triggered after an encoding
error in recovery mode. Creating char-ref nodes is unnecessary and
typically unexpected.
2023-08-08 15:19:44 +02:00
Nick Wellnhofer
131d0dc0a7 parser: Don't use 'standalone' member of xmlParserInput
The standalone declaration is only parsed in the main input stream.
2023-08-08 15:19:39 +02:00
Nick Wellnhofer
d9ec182b65 parser: Don't detect encoding in xmlCtxtResetPush
The encoding will be detected in xmlParseTryOrFinish.
2023-08-08 15:19:36 +02:00
Nick Wellnhofer
90bcbcfcc7 parser: Fix potential use-after-free in xmlParseCharDataInternal
Return immediately if a SAX handler stops the parser.

Fixes #569.
2023-07-20 21:40:57 +02:00
Nick Wellnhofer
e0f3016f71 parser: Fix regression when push parsing UTF-8 sequences
Partial UTF-8 sequences are allowed when push parsing.

Fixes #542.
2023-05-18 18:21:20 +02:00
Nick Wellnhofer
235b15a590 SAX: Always initialize SAX1 element handlers
Follow-up to commit d0c3f01e. A parser context will be initialized to
SAX version 2, but this can be overridden with XML_PARSE_SAX1 later,
so we must initialize the SAX1 element handlers as well.

Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so
we don't switch to SAX1 if the SAX2 element handlers are NULL.
2023-05-08 19:15:44 +02:00
Nick Wellnhofer
d0c3f01e11 parser: Fix old SAX1 parser with custom callbacks
For some reason, xmlCtxtUseOptionsInternal set the start and end element
SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1
was specified. This means that custom SAX handlers could never work with
that flag because these functions would receive the wrong user data
argument and crash immediately.

Fixes #535.
2023-05-06 17:47:37 +02:00
Nick Wellnhofer
320f5084cd parser: Improve handling of encoding and IO errors
Make sure that xmlCharEncInput, xmlParserInputBufferPush and
xmlParserInputBufferGrow set the correct error code in the
xmlParserInputBuffer. Handle errors when calling these functions.
2023-04-30 21:31:54 +02:00
Nick Wellnhofer
fc69cf568b parser: Move xmlFatalErr to parserInternals.c 2023-04-30 17:51:29 +02:00
Nick Wellnhofer
3ffcc03b16 parser: Deprecate more internal functions 2023-04-26 20:23:23 +02:00
Nick Wellnhofer
250faf3c83 parser: Fix regression in xmlParserNodeInfo accounting
Commit 62150ed2 broke begin_pos and begin_line when extra node info was
recorded.

Fixes #523.
2023-04-20 15:38:00 +02:00
Nick Wellnhofer
9282b08431 parser: Fix regression in memory pull parser with encoding
Revert another change from commit 98840d40.

Decode the whole buffer when reading from memory and switching to the
initial encoding. Add some comments about potential improvements.
2023-04-19 22:32:19 +02:00
David Kilzer
86105c0493 Fix use-after-free in xmlParseContentInternal()
* parser.c:
(xmlParseCharData):
- Check if the parser has stopped before advancing
  `ctxt->input->cur`.  This only occurs if a custom SAX error
  handler calls xmlStopParser() on fatal errors.

Fixes #518.
2023-04-16 12:01:05 -07:00